Pedro Monreal Gonzalez
5fcfc4e55e
- FIPS: Additional modifications to the SLI. [bsc#1190698]
* Mark CMAC and GMAC and non-approved in gnutls_pbkfd2().
* Mark HMAC keylength less than 112 bits as non-approved in
gnutls_pbkfd2().
* Adapt the pbkdf2 selftest and the regression tests accordingly.
* Add gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
- FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941]
* Add new dependency on jitterentropy
* Add gnutls-FIPS-jitterentropy.patch
- FIPS:
* Add gnutls_ECDSA_signing.patch [bsc#1190698]
- Check minimum keylength for symmetric key generation
- Only allows ECDSA signature with valid set of hashes
(SHA2 and SHA3)
OBS-URL: https://build.opensuse.org/request/show/1003480
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=73
115 lines
3.9 KiB
Diff
115 lines
3.9 KiB
Diff
Index: gnutls-3.7.7/lib/crypto-api.c
|
|
===================================================================
|
|
--- gnutls-3.7.7.orig/lib/crypto-api.c
|
|
+++ gnutls-3.7.7/lib/crypto-api.c
|
|
@@ -2228,7 +2228,12 @@ gnutls_pbkdf2(gnutls_mac_algorithm_t mac
|
|
if (!is_mac_algo_allowed(mac)) {
|
|
_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
|
|
return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
|
|
- } else if (!is_mac_algo_approved_in_fips(mac)) {
|
|
+ } else if (!is_mac_algo_approved_for_pbkdf2_in_fips(mac)) {
|
|
+ not_approved = true;
|
|
+ }
|
|
+
|
|
+ /* Key lengthes less than 112 bits are not approved */
|
|
+ if (length < 14 || key->size < 14) {
|
|
not_approved = true;
|
|
}
|
|
|
|
Index: gnutls-3.7.7/lib/fips.h
|
|
===================================================================
|
|
--- gnutls-3.7.7.orig/lib/fips.h
|
|
+++ gnutls-3.7.7/lib/fips.h
|
|
@@ -100,6 +100,25 @@ is_mac_algo_approved_in_fips(gnutls_mac_
|
|
}
|
|
|
|
inline static bool
|
|
+is_mac_algo_approved_for_pbkdf2_in_fips(gnutls_mac_algorithm_t algo)
|
|
+{
|
|
+ switch (algo) {
|
|
+ case GNUTLS_MAC_SHA1:
|
|
+ case GNUTLS_MAC_SHA256:
|
|
+ case GNUTLS_MAC_SHA384:
|
|
+ case GNUTLS_MAC_SHA512:
|
|
+ case GNUTLS_MAC_SHA224:
|
|
+ case GNUTLS_MAC_SHA3_224:
|
|
+ case GNUTLS_MAC_SHA3_256:
|
|
+ case GNUTLS_MAC_SHA3_384:
|
|
+ case GNUTLS_MAC_SHA3_512:
|
|
+ return true;
|
|
+ default:
|
|
+ return false;
|
|
+ }
|
|
+}
|
|
+
|
|
+inline static bool
|
|
is_mac_algo_allowed_in_fips(gnutls_mac_algorithm_t algo)
|
|
{
|
|
return is_mac_algo_approved_in_fips(algo);
|
|
Index: gnutls-3.7.7/lib/crypto-selftests.c
|
|
===================================================================
|
|
--- gnutls-3.7.7.orig/lib/crypto-selftests.c
|
|
+++ gnutls-3.7.7/lib/crypto-selftests.c
|
|
@@ -3090,30 +3090,6 @@ struct pbkdf2_vectors_st {
|
|
};
|
|
|
|
const struct pbkdf2_vectors_st pbkdf2_sha256_vectors[] = {
|
|
- /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
|
|
- {
|
|
- STR(key, key_size, "passwd"),
|
|
- STR(salt, salt_size, "salt"),
|
|
- .iter_count = 1,
|
|
- STR(output, output_size,
|
|
- "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44"
|
|
- "\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57"
|
|
- "\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16"
|
|
- "\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5"
|
|
- "\x09\x11\x20\x41\xd3\xa1\x97\x83"),
|
|
- },
|
|
- /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
|
|
- {
|
|
- STR(key, key_size, "Password"),
|
|
- STR(salt, salt_size, "NaCl"),
|
|
- .iter_count = 80000,
|
|
- STR(output, output_size,
|
|
- "\x4d\xdc\xd8\xf6\x0b\x98\xbe\x21\x83\x0c\xee\x5e\xf2\x27"
|
|
- "\x01\xf9\x64\x1a\x44\x18\xd0\x4c\x04\x14\xae\xff\x08\x87"
|
|
- "\x6b\x34\xab\x56\xa1\xd4\x25\xa1\x22\x58\x33\x54\x9a\xdb"
|
|
- "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78"
|
|
- "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"),
|
|
- },
|
|
/* Test vector extracted from:
|
|
* https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
|
|
{
|
|
Index: gnutls-3.7.7/tests/kdf-api.c
|
|
===================================================================
|
|
--- gnutls-3.7.7.orig/tests/kdf-api.c
|
|
+++ gnutls-3.7.7/tests/kdf-api.c
|
|
@@ -192,14 +192,19 @@ doit(void)
|
|
"2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
|
|
"34007208d5b887185865");
|
|
|
|
- /* Test vector from RFC 6070. More thorough testing is done
|
|
- * in nettle. */
|
|
- test_pbkdf2(GNUTLS_MAC_SHA1,
|
|
- "70617373776f7264", /* "password" */
|
|
- "73616c74", /* "salt" */
|
|
+ /* Test vector extracted from:
|
|
+ * https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
|
|
+ test_pbkdf2(GNUTLS_MAC_SHA256,
|
|
+ "70617373776f726450415353"
|
|
+ "574f524470617373776f7264", /* "passwordPASSWORDpassword" */
|
|
+ "73616c7453414c5473616c74"
|
|
+ "53414c5473616c7453414c54"
|
|
+ "73616c7453414c5473616c74", /* "saltSALTsaltSALTsaltSALTsaltSALTsalt" */
|
|
4096,
|
|
- 20,
|
|
- "4b007901b765489abead49d926f721d065a429c1");
|
|
+ 40,
|
|
+ "348c89dbcbd32b2f32d814b8"
|
|
+ "116e84cf2b17347ebc180018"
|
|
+ "1c4e2a1fb8dd53e1c635518c7dac47e9");
|
|
|
|
gnutls_fips140_context_deinit(fips_context);
|
|
}
|